With no man in the middle present, a Windows user could use the command arp -a to see the MAC address of their router. However, a clever victim will be able to see the attack, if they're monitoring for changes in their ARP table. A Word of WarningThis should be relatively transparent to your victim because you are forwarding ports. Arpspoof tricks your victim into believing that you are the gateway, when you're actually just another machine on the network. In a larger network, it may also include traffic that passes between subnets.The next step is to use the arpspoof utility. If you set this to 0 after the following steps, you will DOS (aka “sinkhole”) any traffic originating from your victim that would need to cross a router. If you set it to 0, then Kali will not forward ports. Run the command:Įcho 1 > /proc/sys/net/ipv4/ip_forwardThis modifies ip_forward to a 1 which enables port forwarding. The first step to accomplish this is to configure your Kali machine to forward ports. Establish a MITMNow that you know the gateway and victim IP address, you need to insert your Kali machine between the two as a man in the middle. Iptables -t nat -A PREROUTING -p tcp -destination-port 80 -j REDIRECT -to-port 1000 Note the double dashes before destination-port and to-port.
With our arpspoof running in two terminal windows, we need to open a third terminal. Modify iptablesThe object in this step is to route traffic inbound to Kali to the port that SSLStip will be running on, which is port 1000 (this port does not have to be 1000 - you can select a different one but if you do, make sure you do not select a well-known port). This nmap scan will run through all possible host IP addresses and return only the IP and MAC address of live hosts: You may want to use the IP class of the gateway as a guide to determine what IP format to pass to nmap (if you're connected to the network, you can also use your own IP to determine the type of address you need).In this example, we'll use a gateway IP that begins with 192.168, which is a standard APIPA address for a Class C network running on a /24 subnet. Find the Victim IP AddressIf you don't already know the IP of your victim, you can find live hosts on the network using nmap. You can easily identify the gateway IP address by running the command, route -n, which returns the gateway IP address under the Gateway column.
You'll need to identify the IP address of both the gateway router and the victim machine.
Find the Gateway IP AddressStart Kali Linux and open the terminal. Kali can be installed in a hypervisor, as a stand-alone OS or can be run as a live OS.
SSLStrip is used to hijack secured HTTPS traffic and sniff the contents of this traffic.You'll need to download Kali Linux, which contains the SSLStrip utility in the standard image.
This tutorial will teach you how to use SSLStrip in Kali Linux.